London’s citizens faced the threat of a potential data breach due to security failings in the capital’s 33 local authorities (32 London boroughs and the City of London itself). This is according to research by a digital identity management company. Secure Cloudlink made a Freedom of Information (FOI) request to the 32 London boroughs and the City of London authority to ascertain their security hygiene and to determine how well they protect their data. The results suggested that 64 per cent had experienced a data breach in the last four years.
Mark Leonard, Chairman at Secure Cloudlink, said: “We issued these questions to London’s councils to gauge the security hygiene of the public sector. The sheer number of councils that have been breached is astonishing and reveals the issue of security is more prevalent than ever. There is a mass market for stolen data and hackers have become increasingly sophisticated in their tactics. Despite cybersecurity falling higher on the government’s agenda, the issue persists. Organisations need to be endlessly diligent when it comes to putting the correct procedures in place to alleviate the growing security risks.”
Findings included:
21 out of the 33 have reported a data breach in the past four years including Barnet, Camden, Croydon, Greenwich, Lambeth, Lewisham, Wandsworth, Westminster and the City of London itself;
Bexley, Bromley, Ealing, Enfield and Haringey are amongst those which reported no breaches in the same timeframe;
Kensington and Chelsea refused to disclose the information on the grounds of potential cyber-attacks, as did Hackney, which refused to ‘confirm or deny whether it holds the requested information’; and
For residents concerned about potential data breaches of their online user accounts, not one council reported an incident in the past four years to their knowledge.
Leonard added: “For public sector organisations in particular, it’s imperative that they maintain strict control over their data, due to the highly sensitive nature of the information they handle. The risk of not doing so puts citizens at risk of falling victim to data theft. No one is immune to the risk of a data breach, so organisations and individuals need to understands what it takes to navigate today’s increasingly vulnerable security landscape. While this set of data exposes the fact that the majority of London local authorities are vulnerable, as the vast majority experienced a breach in the past few years, the findings do indicate that residents of the city have not been directly impacted.
“But that does not mean that greater strides need to be made in managing security processes. The Cyber Essentials Scheme in fact is a government backed initiative that aims to provide clearer guidance and advice for organisations looking to improve their cyber security housekeeping. It’s aimed at those who might not have a dedicated in-house IT staff responsible for cyber-security – while most public sector departments will have this in place, it’s advice is certainly valuable in providing the solid foundations to improving security practices. On top of this, education must also be balanced with having the necessary systems in place to counter threats.
“Designs that were once suitable have not been updated to keep pace with today’s digital economy, and because of this, hackers have been able to capitalise and steal information much more easily. What’s important is to address internal and external threats by adopting new tools and practices that have the utmost cybersecurity resilience, and actually addresses the issues at hand. Fundamentally, all technology must adapt to an ever-changing industry and the security mindset needs to change. The future of any organisation that wants to insulate itself from the growing threat of cybercrime depends on this.”
